Cloud App Security pre-defines a separate Data Loss Prevention policy that enables the Box administrator to manage shared links to content stored in your organization's Box environment. This helps reduce the risk of undesirable access to your organization's sensitive data through accidental creation of shared links by users.
In this release, Cloud App Security supports control over open shared links only. Open shared links are those set to publicly accessible and no Box account sign-in required.
This policy is independent of the other Data Loss Prevention policies for Box and cannot be prioritized.
New customers can use this policy right after provisioning a service account for Box; existing users need to go to Administrations > Service Account to recreate an access token for Box before you can enable this policy.
To allow creation of open shared links to any file or folder across your organization's Box environment, disable this policy. By default, this policy is disabled. When enabled, Cloud App Security monitors the creation of shared links to files and folders in your organization's Box user accounts, and upon detection, allows the creation or removes the link based on the action configured by the administrator in the policy.
This policy is designed to apply to all Box user accounts in your organization. Configure the policy to exclude certain user accounts and items (files and folders) from this policy, that is, to allow creating open shared links to specified files and folders under specified user accounts.
Before using this policy, be aware of the following limitations:
Cloud App Security does not monitor the creation of open shared links to files that reside right under the root path /All Files of a Box user account.
For the folders that reside right under the root path /All Files of a Box user account, Cloud App Security monitors the creation of open shared links to a maximum of 1,000 of them.
Cloud App Security does not handle the open shared links already created before this policy is configured and enabled.
Cloud App Security does not support manual scan for this policy.
This policy cannot be duplicated or deleted.
The Shared Links Control policy configuration screen appears.
Option | Description |
---|---|
Remove link |
Cloud App Security removes the open shared link, the corresponding file or folder cannot be opened through this link. |
Pass |
Cloud App Security records the detection in a log and allows the open shared link to the file or folder. |
Option | Description |
---|---|
Notify |
Cloud App Security sends a notification email message to the administrator or user according to the Notification settings. |
Do not notify |
Cloud App Security only takes the configured action on the shared link and does not send out any notification email message. |
Define user accounts and items (files or folders) to exclude from this policy.
Option | Description |
---|---|
Add an exception |
A maximum of 100 entries is supported.
To delete a path, click the red delete icon. To modify a path, click the red delete icon and specify a path again. |
Edit an exception |
Select an entry and click Edit. |
Delete exceptions |
Select one or multiple entries and click Delete. |
Option | Description |
---|---|
Notify administrator |
|
Notify User |
Specify message details that notify the user under whose account an open shared link was created that Cloud App Security detected the creation and took action on the shared link. |